Correct zone file set-up for mail to my home server
I send (some) E-Mail direct to my home server machine using SMTP, I used to do this using a sub-domain of my domain isbd.net which is hosted at Gradwell. I added a CNAME record for 'home' to the zone file for isbd.net and gave my static ADSL address as the value for this record. Thus mail forwarded to 'chris@home.isbd.net' arrived at my home server machine (subject to NAT forwarding and firewall of course) and was delivered by postfix to user chris. I now have a dedicated domain for my home server(s) and I'm struggling to get things working. The new domain is zbmc.eu, I have set up the zone file at the domain hosting as follows:- imap 10800 IN CNAME access.mail.gandi.net. www 10800 IN CNAME zbmc.eu. smtp 10800 IN CNAME relay.mail.gandi.net. pop 10800 IN CNAME access.mail.gandi.net. blog 10800 IN CNAME blogs.vip.gandi.net. webmail 10800 IN CNAME agent.mail.gandi.net. @ 10800 IN A 84.45.228.40 @ 10800 IN MX 10 mws.zbmc.eu. mws 10800 IN CNAME zbmc.eu. (Most of this is unchanged from the default setup of course) The 'www' CNAME entry is working fine, going to www.zbmc.eu shows my web pages (or more my lack of web pages!). I'm not at all convinced that I have the MX record right yet though, nor am I convinced that I actually need that 'mws' CNAME record. Could I just set the MX record to:- @ 10800 IN MX 10 zbmc.eu. Can one of the alug gurus elucidate please. ... and do I *need* a second MX (backup) record or will the sending SMTP server just back off and try again if my server is down for a short while? -- Chris Green
On Mon, August 9, 2010 15:01, Chris G wrote:
I'm not at all convinced that I have the MX record right yet though, nor am I convinced that I actually need that 'mws' CNAME record. Could I just set the MX record to:-
@ 10800 IN MX 10 zbmc.eu.
Your MX records should never be a CNAME.
... and do I *need* a second MX (backup) record or will the sending SMTP server just back off and try again if my server is down for a short while?
No, you don't. -- Martin A. Brooks http://antibodyMX.net/ - antispam & antivirus email filtering.
On Mon, Aug 09, 2010 at 04:28:20PM +0100, Martin A. Brooks wrote:
On Mon, August 9, 2010 15:01, Chris G wrote:
I'm not at all convinced that I have the MX record right yet though, nor am I convinced that I actually need that 'mws' CNAME record. Could I just set the MX record to:-
@ 10800 IN MX 10 zbmc.eu.
Your MX records should never be a CNAME.
OK, so would the above MX be correct? I.e. I just have:- @ 10800 IN A 84.45.228.40 @ 10800 IN MX 10 zbmc.eu. In the zone file for zbmc.eu? (Where 84.45.228.40 is the IP address of my ADSL connection)
... and do I *need* a second MX (backup) record or will the sending SMTP server just back off and try again if my server is down for a short while?
No, you don't.
So just one MX is fine for a simple system with, effectively, only one user at the end. It is pretty reliable and is never turned off except for upgrades and/or disasters. -- Chris Green
On 09 Aug 15:01, Chris G wrote:
I send (some) E-Mail direct to my home server machine using SMTP, I used to do this using a sub-domain of my domain isbd.net which is hosted at Gradwell. I added a CNAME record for 'home' to the zone file for isbd.net and gave my static ADSL address as the value for this record.
Thus mail forwarded to 'chris@home.isbd.net' arrived at my home server machine (subject to NAT forwarding and firewall of course) and was delivered by postfix to user chris.
I now have a dedicated domain for my home server(s) and I'm struggling to get things working.
The new domain is zbmc.eu, I have set up the zone file at the domain hosting as follows:-
imap 10800 IN CNAME access.mail.gandi.net. www 10800 IN CNAME zbmc.eu. smtp 10800 IN CNAME relay.mail.gandi.net. pop 10800 IN CNAME access.mail.gandi.net. blog 10800 IN CNAME blogs.vip.gandi.net. webmail 10800 IN CNAME agent.mail.gandi.net. @ 10800 IN A 84.45.228.40 @ 10800 IN MX 10 mws.zbmc.eu. mws 10800 IN CNAME zbmc.eu.
MX pointing to a CNAME is a violation of the DNS policy, MX records should *always* resolve to A records, not CNAME records. You can (in your setup, though it's not what I'd do), use: @ 10800 IN MX 10 zbmc.eu.
(Most of this is unchanged from the default setup of course)
A default setup would *not* have the MX pointing to a CNAME.
The 'www' CNAME entry is working fine, going to www.zbmc.eu shows my web pages (or more my lack of web pages!).
I'm not at all convinced that I have the MX record right yet though, nor am I convinced that I actually need that 'mws' CNAME record. Could I just set the MX record to:-
@ 10800 IN MX 10 zbmc.eu.
Yes, you can. I wouldn't. I'd setup: mail 10800 IN A 84.45.228.40
Can one of the alug gurus elucidate please.
... and do I *need* a second MX (backup) record or will the sending SMTP server just back off and try again if my server is down for a short while?
There's very very rarely a need for a secondary MX record, it's only really of use if you're going to be offline on the primary MX for > 1 day and the TTL of your MX record is set to a long time, otherwise, you just change the MX record during downtime. Other mail servers will queue nicely for you for (usually) up to 3 days, or generate bounces to the senders. Personally, I wouldn't be squeezing SMTP data over a ADSL line, I don't trust BT (or the LLUs) that far... My mail sits outside my home connection on a VM that I can access from anywhere (via imap), and post through from anywhere (using smtp and authentication on the submission port), and I usually use mutt directly on there (unless I want to sign things, etc, then I use the magic mutt config on my laptop instead, as I tend to use ssh as the transport for the imap stream, thus using my ssh key that I've got ssh-agent and a passphrase for, rather than having to give mutt my imap password). Thanks, -- Brett Parker
On Mon, August 9, 2010 17:36, Brett Parker wrote:
Personally, I wouldn't be squeezing SMTP data over a ADSL line, I don't trust BT (or the LLUs) that far... My mail sits outside my home connection on a VM that I can access from anywhere (via imap), and post through from anywhere (using smtp and authentication on the submission port),
I have written a HOWTO on setting up such a server: http://hinterlands.org/wiki/index.php/DebianEximDovecotSquirrelmailSieve
On Mon, Aug 09, 2010 at 05:36:33PM +0100, Brett Parker wrote:
On 09 Aug 15:01, Chris G wrote:
I send (some) E-Mail direct to my home server machine using SMTP, I used to do this using a sub-domain of my domain isbd.net which is hosted at Gradwell. I added a CNAME record for 'home' to the zone file for isbd.net and gave my static ADSL address as the value for this record.
Thus mail forwarded to 'chris@home.isbd.net' arrived at my home server machine (subject to NAT forwarding and firewall of course) and was delivered by postfix to user chris.
I now have a dedicated domain for my home server(s) and I'm struggling to get things working.
The new domain is zbmc.eu, I have set up the zone file at the domain hosting as follows:-
imap 10800 IN CNAME access.mail.gandi.net. www 10800 IN CNAME zbmc.eu. smtp 10800 IN CNAME relay.mail.gandi.net. pop 10800 IN CNAME access.mail.gandi.net. blog 10800 IN CNAME blogs.vip.gandi.net. webmail 10800 IN CNAME agent.mail.gandi.net. @ 10800 IN A 84.45.228.40 @ 10800 IN MX 10 mws.zbmc.eu. mws 10800 IN CNAME zbmc.eu.
MX pointing to a CNAME is a violation of the DNS policy, MX records should *always* resolve to A records, not CNAME records.
OK, so that's plain wrong, thank you.
You can (in your setup, though it's not what I'd do), use: @ 10800 IN MX 10 zbmc.eu.
That's probably what I'll do initially at least.
(Most of this is unchanged from the default setup of course)
A default setup would *not* have the MX pointing to a CNAME.
You can't tell what it points at since the MX records point to names 'out there' that you have no control over (usually other dedicated servers at the ISP which, of course, shouldn't be CNAMEs).
The 'www' CNAME entry is working fine, going to www.zbmc.eu shows my web pages (or more my lack of web pages!).
I'm not at all convinced that I have the MX record right yet though, nor am I convinced that I actually need that 'mws' CNAME record. Could I just set the MX record to:-
@ 10800 IN MX 10 zbmc.eu.
Yes, you can. I wouldn't. I'd setup: mail 10800 IN A 84.45.228.40
How does this differ in essence? Apart from adding another name for the same 'machine' I can see little that it adds?
Can one of the alug gurus elucidate please.
... and do I *need* a second MX (backup) record or will the sending SMTP server just back off and try again if my server is down for a short while?
There's very very rarely a need for a secondary MX record, it's only really of use if you're going to be offline on the primary MX for > 1 day and the TTL of your MX record is set to a long time, otherwise, you just change the MX record during downtime. Other mail servers will queue nicely for you for (usually) up to 3 days, or generate bounces to the senders.
Yes, that was what I had surmised from comments I have seen elsewhere.
Personally, I wouldn't be squeezing SMTP data over a ADSL line, I don't trust BT (or the LLUs) that far... My mail sits outside my home connection on a VM that I can access from anywhere (via imap), and post through from anywhere (using smtp and authentication on the submission port), and I usually use mutt directly on there (unless I want to sign things, etc, then I use the magic mutt config on my laptop instead, as I tend to use ssh as the transport for the imap stream, thus using my ssh key that I've got ssh-agent and a passphrase for, rather than having to give mutt my imap password).
You're doing what I used to do. I used to run mutt on a shell account at my hosting service. I do find that mutt over IMAP is (relatively) slow and clumsy compared with mutt and a real 'unix' mail spool though which is why I have moved to my present setup. I have two ADSL connections with different ISPs so, as long as the physical connection doesn't get killed (which means I'm stuffed anyway) I can get to my mail. In addition I 'spool' my incoming mail to a system at the hosting service in parallel with sending it to my home system so if I really screw things up (not a *rare* event) I can still get to see my mail. -- Chris Green
On 09 Aug 19:34, Chris G wrote: <snippity class="dnsfoo" />
You're doing what I used to do. I used to run mutt on a shell account at my hosting service. I do find that mutt over IMAP is (relatively) slow and clumsy compared with mutt and a real 'unix' mail spool though which is why I have moved to my present setup.
Weirdly, I've found using mutt and imap even on the vm itself is *quicker* than using mutt itself to access my mailspool. Less IO involved with my dovecot setup, and I have the header cache turned on, so it takes mutt less time to mess with the imap server than it does for it to scan the hdd every time it updates. Dovecot generates indexes (and because I use dovecot's deliver program to drop my mail in to my Maildirs, they're updated as the mail comes in...) which make accessing mail a lot quicker. Unless you're talking mbox, in which case, it's all a complete loss!
I have two ADSL connections with different ISPs so, as long as the physical connection doesn't get killed (which means I'm stuffed anyway) I can get to my mail. In addition I 'spool' my incoming mail to a system at the hosting service in parallel with sending it to my home system so if I really screw things up (not a *rare* event) I can still get to see my mail.
Erm, so, it comes in your ADSL line and then gets streamed back out of it to the hosting service? Sounds like an interesting waste of bandwidth! Why not MX the hosting service first and then get that to forward to ADSL connection? -- Brett Parker
On Tue, Aug 10, 2010 at 12:46:42PM +0100, Brett Parker wrote:
On 09 Aug 19:34, Chris G wrote:
<snippity class="dnsfoo" />
You're doing what I used to do. I used to run mutt on a shell account at my hosting service. I do find that mutt over IMAP is (relatively) slow and clumsy compared with mutt and a real 'unix' mail spool though which is why I have moved to my present setup.
Weirdly, I've found using mutt and imap even on the vm itself is *quicker* than using mutt itself to access my mailspool. Less IO involved with my dovecot setup, and I have the header cache turned on, so it takes mutt less time to mess with the imap server than it does for it to scan the hdd every time it updates. Dovecot generates indexes (and because I use dovecot's deliver program to drop my mail in to my Maildirs, they're updated as the mail comes in...) which make accessing mail a lot quicker.
Unless you're talking mbox, in which case, it's all a complete loss!
Of course I'm talking mbox! :-) It's *so* much faster and more convenient in every way than maildir that there is absolutely no way I'm going back to maildir. I used maildir for a year or so until recently when I switched back, the difference in 'user feel' is huge.
I have two ADSL connections with different ISPs so, as long as the physical connection doesn't get killed (which means I'm stuffed anyway) I can get to my mail. In addition I 'spool' my incoming mail to a system at the hosting service in parallel with sending it to my home system so if I really screw things up (not a *rare* event) I can still get to see my mail.
Erm, so, it comes in your ADSL line and then gets streamed back out of it to the hosting service? Sounds like an interesting waste of bandwidth! Why not MX the hosting service first and then get that to forward to ADSL connection?
No, it's forwarded from the hosting service to two addresses, one at the hosting service and the other here at home. A forwarding facility that allows one to forward to multiple addresses is a real boon, you can set up a new/test destination without affecting your existing set-up, test the new destination until it works properly and then turn off the original forwarding address. -- Chris Green
On 10 Aug 12:55, Chris G wrote:
On Tue, Aug 10, 2010 at 12:46:42PM +0100, Brett Parker wrote:
Unless you're talking mbox, in which case, it's all a complete loss!
Of course I'm talking mbox! :-)
It's *so* much faster and more convenient in every way than maildir that there is absolutely no way I'm going back to maildir. I used maildir for a year or so until recently when I switched back, the difference in 'user feel' is huge.
Erm, until you want to delete that mail in the middle of the mbox... or archive off the previous month... or have 2 clients both trying to access the same mbox... or - mbox is dead, a decent filesystem gives good performance on Maildir, and Maildir mitigates a lot of the problems that mbox suffers - I'd not like to see any ISP using mbox as the backing store for e-mail, it's just not efficient. Either you don't get a huge amount of mail, or don't archive it very often, I know from experience that using mbox directly in mutt will use a *lot* more memory than I use with the imap wrapper to the Maildir store (and I'm including the memory used by the imap wrapper!).
I have two ADSL connections with different ISPs so, as long as the physical connection doesn't get killed (which means I'm stuffed anyway) I can get to my mail. In addition I 'spool' my incoming mail to a system at the hosting service in parallel with sending it to my home system so if I really screw things up (not a *rare* event) I can still get to see my mail.
Erm, so, it comes in your ADSL line and then gets streamed back out of it to the hosting service? Sounds like an interesting waste of bandwidth! Why not MX the hosting service first and then get that to forward to ADSL connection?
No, it's forwarded from the hosting service to two addresses, one at the hosting service and the other here at home. A forwarding facility that allows one to forward to multiple addresses is a real boon, you can set up a new/test destination without affecting your existing set-up, test the new destination until it works properly and then turn off the original forwarding address.
Erm, OK - so the MX isn't the home ADSL line? Or you have an external domain that mail really goes to and then is forwarded to that one? -- Brett Parker
On 10/08/10 14:49, Brett Parker wrote:
On 10 Aug 12:55, Chris G wrote:
Of course I'm talking mbox! :-)
It's *so* much faster and more convenient in every way than maildir that there is absolutely no way I'm going back to maildir. I used maildir for a year or so until recently when I switched back, the difference in 'user feel' is huge.
Erm, until you want to delete that mail in the middle of the mbox... or archive off the previous month... or have 2 clients both trying to access the same mbox... or - mbox is dead, a decent filesystem gives good performance on Maildir, and Maildir mitigates a lot of the problems that mbox suffers - I'd not like to see any ISP using mbox as the backing store for e-mail, it's just not efficient.
In my experience (using Thunderbird via Dovecot's IMAP, and mbox format), if you delete a message in the middle of the mbox file, it simply gets flagged as deleted. It's only actually removed if you "compress" the file - i.e rewrite without the deletions. Regards Steve
participants (5)
-
Brett Parker -
Chris G -
Martin A. Brooks -
Martin A. Brooks -
steve-ALUG@hst.me.uk